Blog

From leaked kernel-mode process handle to SYSTEM XIGNCODE3 is a popular anti-cheat solution provided on a B2B2C basis, predominantly found in online games. This class of software is known for its invasive nature, effectively acting as user-mode rootkits on the user’s system that adopt very aggressive scanning practices in order to detect known cheating tools.
In this instance, the anti-cheat in question also loads a signed driver into the user’s system, which it subsequently interacts with from user-mode in order to perform certain tasks.

Hajime is a decentralized modular worm that targets embedded devices with Telnet exposed to the internet.
Its binaries are built for Linux devices with ARMv5, ARMv6, ARMv7, MIPS little-endian and MIPS big-endian processor architectures.
It was originally discovered by Sam Edwards and I of Rapidity Networks SRG, and its behaviour was outlined in a paper that can be found here.
Ever since the release of the aforementioned paper on October 16th of 2016, there has been a series of changes as to how Hajime operates.